CVE-2018-20838
NONE EPSS 60.8%
Published May 13, 20197y ago ยท Modified Jun 17, 20262w ago
Published May 13, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
Threat Intelligence
EPSS Exploit Probability
60.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| magazine3 | amp_for_wp | * | <0.9.97.21 |
References 4
- ampforwp.com https://ampforwp.com/critical-security-issues-has-been-fixed-in-0-9-97-20-version/
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/changelog.txt
- wordpress.org https://wordpress.org/plugins/accelerated-mobile-pages/#developers
- wordfence.com https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.